Sunday, 11 March 2018

[17.10] libssl-dev 1.0.2g is 1.0.0

Hi

distribution : artful (ubuntu 17.10)
package libssl-dev [1.0.2g]

the package libssl-dev claims to be 1.0.2g, but it seems to be older
header-version 1.0.0, as it lacks the constant

./crypto/x509/x509_vfy.h:# define X509_V_ERR_INVALID_CALL
65

It seems libssl binary package is also 1.0.0


ii libssl-dev:amd64 1.0.2g-1ubuntu13.3
amd64 Secure Sockets Layer toolkit -
development files
ii libssl-doc 1.0.2g-1ubuntu13.3
all Secure Sockets Layer toolkit -
development documentation
ii libssl1.0.0:amd64 1.0.2g-1ubuntu13.3
amd64 Secure Sockets Layer toolkit - shared
libraries


This could be a security issue, shipping a library 1.0.0 claiming to be
1.0.2g


--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel